I am trying to do the same for users that will authenticate on STS A. I can't find any examples anywhere including the documentation that will allow me to cross the trust relationship, getting the token initially from STS A and using that to get a token from STS B for my service.